Alpine/apk package type? #159

Closed
rnjudge opened this issue Mar 28, 2022 · 3 comments

@rnjudge
Contributor

rnjudge commented Mar 28, 2022

Alpine/apk is a popular packaging format, yet there is no entry for this in the purl spec. According to https://ossindex.sonatype.org/component/pkg:alpine/<pkg_name> there is an expected method for entering purls for alpine packages. For example, pkg:alpine/libxml2 seems to be the preferred way compared to pkg:apk/alpine/libxml2 but I can't seem to find any justification for this in the purl repo or from ossindex.

Is there a reason the purl spec does not have an entry for alpine packages yet? If ossindex is supporting the alpine purl then it seems necessary to also have this as a supported type in the purl repo.

@stevespringett
Member

The Alpine apk purl type has not yet been defined. It's currently under consideration. Refer to https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst. If you'd like to help us define the purl type, it would be most appreciated.

apk was not chosen due to a known conflict with Android which also uses the term apk.

rnjudge added a commit to rnjudge/tern that referenced this issue Apr 14, 2022
The purl generation for apk packages was faulty. For example the purl
for an alpine image busybox package was pkg:apk/alpine/[email protected]
instead of the correct pkg:alpine/[email protected].

Note that "apk" type packages are not defined for purl yet,
specifically, but OSSINDEX uses the pkg:alpine[1] notation and purl has
purposely chosen not to use "apk" as an identifier due to a known
conflict with Android which also uses the term apk[2].

[1] https://ossindex.sonatype.org/component/pkg:alpine/[email protected]
[2] package-url/purl-spec#159 (comment)

Resolves: tern-tools#1131

Signed-off-by: Thiéfaine Mercier <[email protected]>
Signed-off-by: Rose Judge <[email protected]>
rnjudge added a commit to tern-tools/tern that referenced this issue Apr 14, 2022
alannaemmrie pushed a commit to alannaemmrie/tern that referenced this issue Apr 27, 2022
@Foxboron
Contributor

Please see #171

afaik Android is moving away from using apk to use aab in the future so this conflict should not be an issue I think.

@rnjudge
Contributor Author

rnjudge commented Feb 17, 2023

apk has been added to the purl spec, so we can close this issue :) Thanks!

@rnjudge rnjudge closed this as completed Feb 17, 2023
AyanSinhaMahapatra added a commit to aboutcode-org/scancode-toolkit that referenced this issue May 8, 2024
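
Added example, not part of the thread and not tern's or the purl project's code: SBOM and vulnerability-lookup tooling can meet both spellings discussed above (`pkg:alpine/<name>` and `pkg:apk/alpine/<name>`), so this sketch parses a purl and reduces either form to one comparison key. The function names, the `otherdistro` namespace and the version strings are constructed for illustration, and case-insensitive name matching is an assumption.

```python
from urllib.parse import unquote


def parse_purl(purl):
    """Split a purl into (type, namespace, name, version).

    Qualifiers (?arch=...) and subpath (#...) are dropped: they do not
    change which package is meant.
    """
    scheme, sep, rest = purl.partition(":")
    if not sep or scheme.lower() != "pkg":
        raise ValueError(f"not a purl: {purl!r}")
    rest = rest.lstrip("/").split("#", 1)[0].split("?", 1)[0]
    path, at, version = rest.rpartition("@")
    if not at:                       # no version component present
        path, version = rest, None
    segments = [unquote(s) for s in path.split("/") if s]
    if len(segments) < 2:
        raise ValueError(f"purl needs a type and a name: {purl!r}")
    namespace = "/".join(segments[1:-1]) or None
    return segments[0].lower(), namespace, segments[-1], unquote(version) if version else None


def alpine_identity(purl):
    """Return (name, version) when the purl names an Alpine package in
    either spelling from the thread, otherwise None."""
    ptype, namespace, name, version = parse_purl(purl)
    legacy = ptype == "alpine" and namespace is None
    typed = ptype == "apk" and (namespace or "").lower() == "alpine"
    # Assumption: package names compare case-insensitively.
    return (name.lower(), version) if legacy or typed else None


def same_alpine_package(a, b):
    """True only when both purls resolve to the same Alpine name and version."""
    ia, ib = alpine_identity(a), alpine_identity(b)
    return ia is not None and ia == ib


if __name__ == "__main__":
    # Constructed sample purls; the version string is made up.
    for p in ("pkg:alpine/busybox@1.0.0-r0",
              "pkg:apk/alpine/busybox@1.0.0-r0?arch=x86_64",
              "pkg:apk/otherdistro/busybox@1.0.0-r0"):
        print(p, "->", alpine_identity(p))
```

Comparing on this key rather than on the raw string keeps a component from being missed in a vulnerability lookup just because one tool emitted the older spelling.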